Deploy the istio-cni helm chart on AWS EKS

Question

Pulumi · Accepted Answer

To deploy the Istio CNI plugin using a Helm chart on an AWS Elastic Kubernetes Service (EKS) cluster, we will follow these steps:

1. Create an EKS cluster: We'll start by setting up an EKS cluster where Istio CNI will be installed. For this, we will use the `eks.Cluster` resource from the EKS Pulumi package.

2. Install Helm and Istio CNI: After the cluster is up and running, we will use Pulumi's `helm.v3.Chart` resource to deploy the Istio CNI plugin. Pulumi supports Helm and allows you to deploy charts directly into the cluster.

Here's a Pulumi program written in TypeScript that demonstrates how to accomplish this:

```typescript
import * as eks from "@pulumi/eks";
import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";

// Create an EKS cluster.
const cluster = new eks.Cluster("my-cluster", {
    instanceType: "t2.medium",
    desiredCapacity: 2,
    minSize: 1,
    maxSize: 3,
    storageClasses: "gp2",
    deployDashboard: false,
});

// Export the cluster's kubeconfig.
export const kubeconfig = cluster.kubeconfig;

// Create a Kubernetes provider instance using the kubeconfig from the created EKS cluster.
const provider = new k8s.Provider("k8s-provider", {
    kubeconfig: cluster.kubeconfig.apply(JSON.stringify),
});

// Deploy Istio CNI plugin using Helm chart.
const istioCniChart = new k8s.helm.v3.Chart("istio-cni", {
    chart: "istio-cni",
    version: "1.0.0", // Replace with the desired version of Istio CNI
    fetchOpts:{
        repo: "https://istio-release.storage.googleapis.com/charts",
    },
    namespace: "kube-system", // Istio CNI is usually installed in the kube-system namespace
}, { provider: provider });

// Export the URL for the cluster's Kubernetes dashboard (if deployDashboard was set to true).
export const dashboardUrl = pulumi.interpolate`https://${cluster.endpoint}/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/`;

```

### Explanation:

- **EKS Cluster:** We initiate the creation of an EKS cluster named `my-cluster` with the desired capacity and size constraints. We have specified `instanceType` and `storageClasses` for the nodes in this cluster.

- **Kubeconfig:** The kubeconfig necessary to communicate with the cluster is exported so that we can use `kubectl` and other tools to interact with the EKS cluster.

- **Kubernetes Provider:** We specify a `k8s.Provider` that uses the kubeconfig of the created EKS cluster. This provider will manage resources within the EKS cluster.

- **Helm Chart for Istio CNI:** Using the `k8s.helm.v3.Chart`, we deploy the Istio CNI plugin. We specify the chart and version and point to the Istio Helm chart repository. Istio CNI is typically deployed in the `kube-system` namespace.

- **Dashboard URL:** The URL for the Kubernetes dashboard is exported but will output an endpoint only if `deployDashboard` is set to `true`. By default, it's set to false in this script.

#### Notes:
- Replace `1.0.0` with the correct version of the Istio CNI Helm chart that you want to deploy.
- Before running this Pulumi program, ensure that you have the `@pulumi/eks`, `@pulumi/pulumi`, and `@pulumi/kubernetes` npm packages installed. 
- Some knowledge of Pulumi, TypeScript, AWS, EKS, and Kubernetes is beneficial to understand and make essential modifications to the code if necessary.
- This code assumes that your Pulumi and AWS CLI are already configured. If necessary, consult Pulumi's [Getting Started with AWS](https://www.pulumi.com/docs/get-started/aws/) guide.

After deploying the EKS Cluster and Istio CNI, you can further configure your cluster and deploy additional services and applications to your EKS cluster to begin taking full advantage of Istio's networking features.